
A trust model is a collection of rules that tells an application how to decide whether a
digital certificate is legitimate. Several trust models are in wide use; the most common
ones are described in the sections that follow.
Implementing Trust Models
For PKI to work, the capabilities of CAs must be readily available to users. The model
that has been shown to this point is the simple trust model. However, the simple
trust model may not work as PKI implementations get bigger. Conceptually, every
computer user in the world would have a certificate. However, accomplishing this
would be extremely complex and would create enormous scaling or growth issues.
Four main types of trust models are used with PKI:
Hierarchical
Bridge
Mesh
Hybrid
PKI was designed to allow all of these trust models to be created. They can be fairly
granular from a control perspective. Granularity refers to the ability to manage
individual resources in the CA network.
In the following sections, I’ll examine each of these models. I’ll detail how each
model works and discuss its advantages and disadvantages.
Hierarchical Trust Models
1. In a hierarchical trust model (also known as a tree) a root CA at the top is the
trust anchor: every certificate in the tree chains back to it.
2. The intermediate CAs are next in the hierarchy, and they trust only
certificates issued to them by the root CA.
3. The root CA in turn trusts only the intermediate CAs directly beneath it in its
own hierarchy, and none outside it. This arrangement allows a high level of
control at all levels of the hierarchical tree.
4. This might be the most common implementation in a large organization that
wants to extend its certificate-processing capabilities.
5. Hierarchical models allow tight control over certificate-based activities.
Figure 7.14 illustrates the hierarchical trust structure. In this situation, the
intermediate CAs trust only the CAs directly above them or below them.
6. Root CA systems can have trusts between them, and there can be trusts
between intermediate and leaf CAs.
7. A leaf CA is any CA that is at the end of a CA network or chain.
This structure allows you to be creative and efficient when you create hybrid
systems.
Bridge Trust Models
1. In a bridge trust model, a peer-to-peer relationship exists between the root
CAs.
2. The root CAs can communicate with each other, allowing cross certification.
3. This arrangement allows a certification process to be established between
organizations or departments.
4. Each intermediate CA trusts only the CAs above and below it, but the CA
structure can be expanded without creating additional layers of CAs.
5. Additional flexibility and interoperability between organizations are the
primary advantages of a bridge model.
6. The bridge is only as trustworthy as the least careful root CA in it, and that
can be a major disadvantage.
7. If one of the root CAs doesn't maintain tight internal security around its
certificates, a security problem is created for everyone: an illegitimate
certificate issued under that root chains to a trusted anchor for all the users
in the bridge structure and its subordinate or intermediate CAs, not just for
that root's own users.
8. This model may be useful if you're dealing with a large, geographically
dispersed organization, or if you have two organizations that are working
together.
9. A large, geographically dispersed organization could maintain a root CA at
each remote location; the root CAs would have their own internal hierarchy,
and users would be able to access certificates from any place in the CA
structure.
Figure 7.15 illustrates a bridged structure. In this example, the intermediate
CAs communicate only with their respective root CA.
10. All cross certification is handled between the two root CA systems.

Hybrid Trust Model
1. A Hybrid Trust Model can use the capabilities of any or all of the structures
discussed in the previous sections.
2. This gives you a great deal of flexibility when you build the trust structure.
3. That flexibility lets you mix hierarchical and bridged links in a single
environment. Figure 7.17 illustrates such a structure.
4. Notice that in this structure, the single intermediate CA server on the right
side of the illustration is the only server that is known by the CA below it.
5. The subordinates of the middle-left CA are linked to the two CAs on its sides.
6. These two CAs don’t know about the other CAs, because they are linked only
to the CA that provides them a connection.
7. The two intermediate servers in the middle of the illustration and their
subordinates trust each other; they don't trust others that aren't in the link.
8. The major difficulty with hybrid models is that they can become complicated
and confusing.
9. A user can unintentionally acquire trusts that they shouldn’t have obtained.
10. In our example, a user could accidentally be assigned to one of the CAs in
the middle circle.
11. As a member of that circle, the user could access certificate information that
should be available only from their root CA.
12. In addition, relationships between CAs can continue long past their
usefulness; unless someone is aware of them, these relationships can exist
even after the parent organizations have terminated their relationships.
Creating Security Zones
• Over time, networks can become complex beasts. What may have started
as a handful of computers sharing resources can quickly grow to
something resembling an electrician’s nightmare.
• The networks may even appear to have lives of their own. It’s common
for a network to have connections among departments, companies,
countries, and public access using private communication paths and
through the Internet.
• Not everyone in a network needs access to all the assets in the network.
The term security zone describes design methods that isolate
systems from other systems or networks.
• You can isolate networks from each other using hardware and software.
• A router is a good example of a hardware solution: you can configure
some machines on the network to be in one address range and others to
be in a different address range. Separate address ranges keep the two
networks from talking to each other at the IP layer unless a router
connects them; for real isolation they should also sit on separate
physical segments or VLANs, since hosts that share a wire can still see
each other's frames.
• Some of the newer data switches also allow you to partition networks into
smaller networks or private zones.
• When discussing security zones in a network, it’s helpful to think of them
as rooms.
• You may have some rooms in your house or office that anyone can enter.
For other rooms, access is limited to specific individuals for specific
purposes.
• Establishing security zones is a similar process in a network: security
zones allow you to isolate systems from unauthorized users. Here are the
four most common security zones you'll encounter:
Internet
Intranet
Extranet
Demilitarized zone (DMZ)
The next few sections identify the topologies used to create security zones to
provide security. The Internet has become a boon to individuals and to businesses,
but it creates a challenge for security. By implementing intranets, extranets, and
DMZs, you can create a reasonably secure environment for your organization.
The Internet
1. The Internet is a global network that connects computers and individual
networks together.
2. It can be used by anybody who has access to an Internet portal or an
Internet service provider (ISP).
3. In this environment, you should have a low level of trust in the people
who use the Internet.
4. You must always assume that the people visiting your website may have
bad intentions; they may want to buy your product, hire your firm, or
bring your servers to a screaming halt.
5. From the outside, you have no way of knowing which until you monitor their actions.
6. Because the Internet involves such a high level of anonymity, you must
always safeguard your data with the utmost precautions. Figure 1.10
illustrates an Internet network and its connections.
7. Sometimes the data leaving a network can be as much a sign of trouble
as the data entering it. Examining outbound traffic for signs of malicious
activity (a compromised host calling home, or data being moved out) is
known as extrusion detection, or egress monitoring.
Intranets
1. Intranets are private networks implemented and maintained by an
individual company or organization.
2. You can think of an intranet as an Internet that doesn’t leave your
company; it’s internal to the company, and access is limited to systems
within the intranet.
3. Intranets use the same technologies used by the Internet. They can be
connected to the Internet but can’t be accessed by users who aren’t
authorized to be part of them; the anonymous user of the Internet is
instead an authorized user of the intranet.
4. Access to the intranet is granted to trusted users inside the corporate
network or to users in remote locations.
Figure 1.11 displays an intranet network.

Demilitarized Zone (DMZ)
1. A demilitarized zone (DMZ) is an area where you can place a public
server for access by people you might not trust otherwise.
2. By isolating a server in a DMZ, you can hide or remove access to other
areas of your network. You can still access the server using your
network, but others aren’t able to access further network resources.
3. This can be accomplished using firewalls to isolate your network.
4. When establishing a DMZ, you assume that the person accessing the
resource isn’t necessarily someone you would trust with other
information. Figure 1.13 shows a server placed in a DMZ.
5. Notice that the rest of the network isn’t visible to external users. This
lowers the threat of intrusion in the internal network.
6. Anytime you want to separate public information from private information,
a DMZ is an acceptable option.
7. The easiest way to create a DMZ is to use a firewall with three interfaces
(a three-legged firewall): one to the internal network, one to the external
world (the Internet), and one to the public information you're sharing (the
DMZ). From there, you decide what traffic goes where; for example, HTTP
traffic would be sent to the DMZ, and e-mail would go to the internal mail
server. Traffic that originates in the DMZ and is bound for the internal
network should be denied, so that a compromised public server cannot be
used as a stepping stone inward.
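The three-legged policy just described, together with the egress ("extrusion") check from the Internet section, as one added example (not code from the original page): a classifier that maps addresses to zones, a first-match rule table, and a pass over a constructed set of flow records looking for traffic leaving the network that the policy denies or that fans out to many external hosts. The address ranges, zone names, rules and flow records are all assumed.

```python
"""Three-legged firewall policy over Internet / DMZ / intranet zones, plus an
egress check over flow records. Added example; every address, zone and rule
here is constructed for illustration."""
import ipaddress
from dataclasses import dataclass

# Constructed addressing: one firewall interface per zone. Anything outside
# these ranges is treated as the Internet.
ZONES = {
    "intranet": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),   # TEST-NET-1 stands in for the public DMZ block
}


def zone_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


# (src_zone, dst_zone, proto or None, dport or None, verdict); first match wins,
# and anything that matches nothing is denied.
RULES = [
    ("internet", "dmz", "tcp", 80, "allow"),        # public web server lives in the DMZ
    ("internet", "dmz", "tcp", 443, "allow"),
    ("internet", "intranet", "tcp", 25, "allow"),   # the page's example: mail to the internal server
    ("intranet", "dmz", None, None, "allow"),       # staff administer DMZ hosts
    ("intranet", "internet", None, None, "allow"),
    ("dmz", "intranet", None, None, "deny"),        # a compromised DMZ host must not reach inward
    ("dmz", "internet", "tcp", 443, "allow"),       # DMZ hosts may fetch updates, nothing else
]


def evaluate(flow: Flow) -> str:
    sz, dz = zone_of(flow.src), zone_of(flow.dst)
    if sz == dz:
        return "allow"          # same zone: the firewall is not in the path
    for rsz, rdz, proto, port, verdict in RULES:
        if rsz == sz and rdz == dz and proto in (None, flow.proto) and port in (None, flow.dport):
            return verdict
    return "deny"


def egress_findings(flows, fanout_threshold: int = 3) -> list:
    """Look at traffic *leaving* the network. Two cheap indicators: an internal
    host attempting an egress the policy denies, and one host fanning out to
    many distinct external peers (beaconing, or a scan run from the inside)."""
    findings, peers = [], {}
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if sz == "internet" or dz != "internet":
            continue                                   # not egress
        if evaluate(f) == "deny":
            findings.append((f.src, f"denied egress to {f.dst}:{f.dport}"))
        peers.setdefault(f.src, set()).add(f.dst)
    for src, dsts in peers.items():
        if len(dsts) >= fanout_threshold:
            findings.append((src, f"contacted {len(dsts)} distinct external hosts"))
    return findings


# Constructed flow records, in the shape a firewall or NetFlow export might log them
SAMPLE_FLOWS = [
    Flow("203.0.113.5", "192.0.2.10", 80),      # Internet -> DMZ web server
    Flow("203.0.113.5", "10.1.1.20", 445),      # Internet -> intranet SMB
    Flow("192.0.2.10", "10.1.1.20", 3306),      # DMZ web server -> intranet database
    Flow("10.1.1.20", "192.0.2.10", 22),        # admin -> DMZ host
    Flow("192.0.2.10", "198.51.100.7", 443),    # DMZ host fetching updates
    Flow("192.0.2.10", "198.51.100.8", 4444),   # DMZ host reaching out on an odd port
    Flow("10.1.1.50", "198.51.100.1", 443),
    Flow("10.1.1.50", "198.51.100.2", 443),
    Flow("10.1.1.50", "198.51.100.3", 443),
]


def demo():
    return [evaluate(f) for f in SAMPLE_FLOWS], egress_findings(SAMPLE_FLOWS)
```

The two egress indicators are deliberately simple; in practice you would tune the fan-out threshold per host role and add an allow-list of known update and SaaS destinations before alerting on it.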

Virtual Local Area Networks
1. A virtual local area network (VLAN) allows you to create groups of users
and systems and segment them on the network.
2. This segmentation lets you hide segments of the network from other
segments and thereby control access.
3. You can also set up VLANs to control the paths that data takes to get from
one point to another. A VLAN is a good way to contain network traffic to a
certain area in a network.
4. Think of a VLAN as a network of hosts that act as if they’re connected by
a physical wire even though there is no such wire between them.
5. On a LAN, hosts can communicate with each other through broadcasts, and
no forwarding devices, such as routers, are needed.
6. As the LAN grows, so too does the number of broadcasts.
7. Shrinking the size of the LAN by segmenting it into smaller groups
(VLANs) reduces the size of the broadcast domains.
8. The advantages of doing this include reducing the scope of the
broadcasts, improving performance and manageability, and decreasing
dependence on the physical topology. From the standpoint of this exam,
however, the key benefit is that VLANs can increase security by allowing
users with similar data sensitivity levels to be segmented together.
Figure 1.14 illustrates the creation of three VLANs in a single network.
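To show what "a smaller broadcast domain" means at the frame level, here is an added example (not code from the original page) of a toy learning switch that honours 802.1Q VLAN tags: it learns MAC addresses per VLAN, forwards known unicast only within that VLAN, floods broadcast and unknown-unicast frames only to ports in the same VLAN, and drops a frame tagged for a VLAN other than the one its access port belongs to. The port map, MAC addresses and frames are constructed; trunk ports are not modelled.

```python
"""Toy learning switch with 802.1Q VLAN awareness. Added example with
constructed frames and port assignments, not code from the original page."""
import struct

TPID_8021Q = 0x8100
BROADCAST = b"\xff" * 6


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id or None, ethertype, payload) for an Ethernet II frame."""
    dst, src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        return dst, src, tci & 0x0FFF, ethertype, frame[18:]   # low 12 bits of the TCI = VID
    return dst, src, None, ethertype, frame[14:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes,
                vlan_id=None, pcp: int = 0) -> bytes:
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vlan_id & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


class Switch:
    def __init__(self, access_ports: dict):
        """access_ports: port name -> VLAN id of that untagged access port."""
        self.port_vlan = access_ports
        self.mac_table = {}      # (vlan, mac) -> port; the table is per VLAN

    def receive(self, in_port: str, frame: bytes) -> list:
        """Return the list of ports the frame is forwarded out of."""
        dst, src, tag, _, _ = parse_frame(frame)
        vlan = self.port_vlan[in_port]
        if tag is not None and tag != vlan:
            return []                       # tagged for another VLAN on an access port: drop
        self.mac_table[(vlan, src)] = in_port                 # learn the source
        out = self.mac_table.get((vlan, dst))
        if dst != BROADCAST and out is not None:
            return [out] if out != in_port else []
        # flood, but only inside the ingress VLAN's broadcast domain
        return [p for p, v in self.port_vlan.items() if v == vlan and p != in_port]


def demo() -> dict:
    sw = Switch({"p1": 10, "p2": 10, "p3": 20, "p4": 20})     # VLAN 10: HR, VLAN 20: engineering
    hr1 = b"\x02\x00\x00\x00\x00\x01"
    hr2 = b"\x02\x00\x00\x00\x00\x02"
    eng1 = b"\x02\x00\x00\x00\x00\x03"
    arp, ip = 0x0806, 0x0800
    r = {}
    r["bcast_vlan10"] = sw.receive("p1", build_frame(BROADCAST, hr1, arp, b"who-has"))
    r["reply_learned"] = sw.receive("p2", build_frame(hr1, hr2, arp, b"is-at"))
    # an engineering host addressing an HR MAC: unknown in VLAN 20, flooded to VLAN 20 only
    r["cross_vlan_unicast"] = sw.receive("p3", build_frame(hr1, eng1, ip, b"ip"))
    r["tagged_wrong_vlan"] = sw.receive("p1", build_frame(hr2, hr1, ip, b"ip", vlan_id=20))
    r["parsed_vid"] = parse_frame(build_frame(hr2, hr1, ip, b"ip", vlan_id=20, pcp=5))[2]
    return r


if __name__ == "__main__":
    print(demo())
```

The `cross_vlan_unicast` case is the security point of the section: a frame from VLAN 20 addressed to an HR machine never reaches VLAN 10, because the MAC table and the flood set are both scoped to the ingress VLAN; crossing between VLANs requires a router, where a policy can be applied.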

Tunneling
1. Tunneling refers to creating a virtual dedicated connection between
two systems or networks.
2. You create the tunnel between the two ends by encapsulating the data
in a mutually agreed upon protocol for transmission.
3. In most tunnels, the data passed through the tunnel appears at the
other side as part of the network.
4. Tunneling protocols often add security features such as authentication and
encryption, but not all of them do: L2TP itself provides no encryption and
is normally paired with IPsec for confidentiality.
5. Several popular standards have emerged for tunneling; one of the most widely
deployed has been the Layer 2 Tunneling Protocol (L2TP), usually as L2TP/IPsec.
6. Tunneling sends private data across a public network by placing
(encapsulating) that data into other packets.
7. Most tunnels are virtual private networks (VPNs). Figure 1.16 shows a
connection being made between two networks across the Internet. To
each end of the network, this appears to be a single connection.
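Encapsulation itself is simple enough to show in full. The following added example (not code from the original page) implements IP-in-IP, the IPv4 protocol number 4 defined in RFC 2003: the private packet becomes the payload of an outer packet addressed between the two tunnel endpoints, and the far end strips the outer header after checking that it came from the expected peer. The addresses are constructed. No encryption is applied, which is exactly why the example can also show what a passive observer on the public network sees when a tunnel protocol does not encrypt.

```python
"""IP-in-IP (RFC 2003) encapsulation and decapsulation with a real IPv4 header
checksum. Added example with constructed addresses, not code from the page."""
import ipaddress
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    ihl = (pkt[0] & 0x0F) * 4
    if checksum(pkt[:ihl]) != 0:           # a valid header sums to zero with its checksum included
        raise ValueError("bad header checksum")
    total = struct.unpack("!H", pkt[2:4])[0]
    return {"src": str(ipaddress.ip_address(pkt[12:16])),
            "dst": str(ipaddress.ip_address(pkt[16:20])),
            "proto": pkt[9], "payload": pkt[ihl:total]}


def encapsulate(inner_pkt: bytes, outer_src: str, outer_dst: str) -> bytes:
    return ipv4_header(outer_src, outer_dst, 4, len(inner_pkt)) + inner_pkt


def decapsulate(outer_pkt: bytes, expected_peer: str) -> bytes:
    o = parse_ipv4(outer_pkt)
    if o["proto"] != 4:
        raise ValueError("not IP-in-IP")
    if o["src"] != expected_peer:           # RFC 2003 style anti-spoofing: only accept the configured peer
        raise ValueError("tunnel packet from unexpected peer")
    return o["payload"]


def demo() -> dict:
    # private packet between two office networks; tunnel endpoints have public addresses (constructed)
    inner = ipv4_header("10.1.1.5", "10.2.2.9", 6, 12) + b"private data"
    outer = encapsulate(inner, "203.0.113.1", "198.51.100.1")
    on_the_wire = parse_ipv4(outer)                 # what a passive observer on the Internet sees
    leaked = parse_ipv4(on_the_wire["payload"])     # without encryption the inner packet is readable
    received = decapsulate(outer, expected_peer="203.0.113.1")
    return {"outer_proto": on_the_wire["proto"], "inner_dst": leaked["dst"],
            "leaked_payload": leaked["payload"], "roundtrip_ok": received == inner}


if __name__ == "__main__":
    print(demo())
```

The `leaked_payload` result is the caveat from item 4 made visible: a bare encapsulation protocol hides nothing from whoever can see the public network, so a VPN built on L2TP or plain IP-in-IP needs IPsec (or another encrypting layer) underneath it.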
